Commit graph

15166 commits

Author SHA1 Message Date
Eelco Dolstra ab363cd494
Merge pull request #8723 from fricklerhandwerk/doc-constants
revert anchor prefix for builtin constants
2023-07-20 17:13:07 +02:00
Valentin Gagarin 0e4f6dfcf7 revert anchor prefix for builtin constants
the original change broke many pre-existing anchor links.

also change formatting of the constants listing slightly:
- the type should not be part of the anchor
- add highlight to the "impure only" note
2023-07-20 10:27:38 +02:00
John Ericson 453c4be93c
Merge pull request #8680 from NixLayeredStore/test-groups
Introduce notion of a test group, use for CA tests
2023-07-19 11:17:57 -04:00
Valentin Gagarin b0173716f6
clarify wording on args@ default handling (#8596)
* clarify wording on args@ default handling

Most importantly use shorter sentences and emphasize the key point that defaults aren't taken into account

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Co-authored-by: John Ericson <git@JohnEricson.me>
2023-07-19 13:07:07 +00:00
Robert Hensing 32494cbb29
Merge pull request #7973 from fricklerhandwerk/remove-channels
remove the Channels section
2023-07-19 14:02:26 +02:00
Robert Hensing eca07b2a47
Merge pull request #8315 from fricklerhandwerk/doc-system
add information on the system type string
2023-07-19 12:07:23 +02:00
Valentin Gagarin 6c3cd429a6 fix broken links 2023-07-19 11:01:48 +02:00
Valentin Gagarin 0779005f49 expand on the extra-platforms option 2023-07-19 10:57:37 +02:00
Valentin Gagarin fcadac0a02 mention extra-platforms 2023-07-19 10:38:42 +02:00
Valentin Gagarin aba32def73 fix wording
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-19 10:38:30 +02:00
Valentin Gagarin 1a220bed93 do not mention output attributes
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-19 10:38:12 +02:00
Valentin Gagarin c8f04e2024 note that naming convention is from Autotools
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-19 10:37:40 +02:00
Valentin Gagarin 32de11923e add cross-links 2023-07-19 10:37:40 +02:00
Valentin Gagarin 4944e37ec0 expand on the system type in hacking guide 2023-07-19 10:37:40 +02:00
Valentin Gagarin 3763c7bb5e shorten system setting description 2023-07-19 10:37:40 +02:00
Valentin Gagarin c8a42039ea move docs of the current system to the system setting
add information what happens when Nix itself is cross-compiled
2023-07-19 10:37:40 +02:00
Valentin Gagarin 0751c1bfc6 one line per sentence for easier review 2023-07-19 10:37:40 +02:00
Valentin Gagarin 68b7bb1a06 add information on the system type string 2023-07-19 10:37:40 +02:00
Valentin Gagarin e14c8a359e list moving parts of channels 2023-07-19 10:26:25 +02:00
Valentin Gagarin 4bab5a6208 revert channel files overview 2023-07-19 09:42:53 +02:00
Valentin Gagarin cd0e39bd89 remove redundant information from channel profile description 2023-07-19 09:39:04 +02:00
Valentin Gagarin ee72ede389 remove the Channels section
this is a how-to guide which should not be in the reference manual.
it also refers to `nix-env`, which should not be the first thing readers
of the reference manual encounter, as it behaves very differently in
spirit from the rest of Nix.

slightly reword the documentation to be more concise and informative.
2023-07-19 09:39:04 +02:00
Robert Hensing 0e3a7e34a0
Merge pull request #8506 from corngood/ssh-master
Pass NIX_SSHOPTS when checking for an ssh master connection.
2023-07-18 15:47:57 +02:00
John Ericson 259e328de8 Introduce notion of a test group, use for CA tests
Grouping our tests should make it easier to understand the intent than
one long poorly-arranged list. It also is convenient for running just
the tests for a specific component when working on that component.

We need at least one test group so this isn't dead code; I decided to
collect the tests for the `ca-derivations` and `dynamic-derivations`
experimental features in groups. Do
```bash
make ca.test-group -jN
```
and
```bash
make dyn-drv.test-group -jN
```
to try running just them.

I originally did this as part of #8397 for being able to just the local
overlay store alone. I am PRing it separately now so we can separate
general infra from new features.

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-18 09:31:13 -04:00
Théophane Hufschmitt a8d5bb5e7e
Merge pull request #8342 from NixLayeredStore/best-effort-supplementary-groups
Best effort supplementary groups
2023-07-17 20:58:17 +02:00
Sinan Mohd a5c88f8609
Nix Reference Manual: keep nix expressions uptodate with nixpkgs (#8703) 2023-07-16 09:25:11 +00:00
John Ericson bc499b2e4e
Merge pull request #8696 from NixLayeredStore/nested-sandboxing
Test nested sandboxing, and make nicer error
2023-07-14 10:25:38 -04:00
John Ericson 0f7242ff87 Test nested sandboxing, and make nicer error
We were bedeviled by sandboxing issues when working on the layered
store. The problem ended up being that when we have nested nix builds,
and the inner store is inside the build dir (e.g. store is
`/build/nix-test/$name/store`, build dir is `/build`) bind mounts
clobber each other and store paths cannot be found.

After thoroughly cleaning up `local-derivation-goal.cc`, we might be
able to make that work. But that is a lot of work. For now, we just fail
earlier with a proper error message.

Finally, test this: nested sandboxing without the problematic store dir
should work, and with should fail with the expected error message.

Co-authored-by: Dylan Green <67574902+cidkidnix@users.noreply.github.com>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-14 09:40:24 -04:00
Robert Hensing 6d9f1a8dcc
Merge pull request #8691 from obsidiansystems/built-path
Move `BuiltPath` to its own header/C++ file in libcmd
2023-07-14 13:12:16 +02:00
cidkidnix adb28d4a26 move unset NIX_STORE_DIR in supplementary-groups.sh
to inside the unshare
2023-07-13 14:23:24 -05:00
cidkidnix 1a13757880 Add comment regarding the unset of NIX_STORE_DIR
in build-remote.sh and supplementary-groups.sh
2023-07-13 14:18:12 -05:00
John Ericson 84c4e6f0ac Revert "Skip build-remote-trustless unless sandbox is supported."
This reverts commit 41412dc4ae.
2023-07-13 15:06:50 -04:00
John Ericson 9e64f24340 Revert "Check _NIX_TEST_NO_SANDBOX when setting _canUseSandbox."
This reverts commit c1d39de1fb.
2023-07-13 15:06:34 -04:00
John Ericson ddc0a2050b Merge remote-tracking branch 'upstream/master' into best-effort-supplementary-groups 2023-07-13 15:06:08 -04:00
John Ericson bbc08a11f4
Merge pull request #8694 from obsidiansystems/fix-lang-tests
Fix race condition in the language tests
2023-07-13 09:13:25 -04:00
John Ericson e072e18475 Fix race condition in the language tests
When we pipe to `>(...)` like that, we unfortunately don't wait for the
process to finish. Better to just substitute the file.

Also, use the "unified" diff output that people (including myself) are
more familiar with, thanks to Git.
2023-07-13 08:09:03 -04:00
John Ericson caabc4f648 Feature gate DownstreamPlaceholder::unknownCaOutput
This is a part of CA derivations that we forgot to put behind the
experimental feature.

This was caught by @fricklerhandwerk in
https://github.com/NixOS/nix/pull/8369#discussion_r1258133719
2023-07-13 07:56:33 -04:00
John Ericson 2c3fb0eb33 Move BuiltPath to its own header/C++ file in libcmd
It is less important, and used less widely, than `DerivedPath`.
2023-07-12 23:01:10 -04:00
Ben Radford a2acd23466
Update src/libstore/globals.hh
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-12 12:33:05 +01:00
Ben Radford 0309f6b5b8
Update src/libstore/globals.hh
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-12 12:32:57 +01:00
John Ericson cafb5e8a17
Merge pull request #7954 from obsidiansystems/lang-test-improvements
Language test improvements
2023-07-11 22:24:02 -04:00
Mathnerd314 c70484454f Expanded test suite
* Lang now verifies errors and parse output

* Some new miscellaneous tests

* Easy way to update the tests

* Document workflow in manual

* Use `!` not `~` as separater char for sed

  It is confusing to use `~` when we are talking about paths and home
  directories!

* Test test suite itself (`test/lang-test/infra.sh`)

Additionally, run shellcheck on `tests/lang.sh` to help ensure it is
correct, now that is is more complex.

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-11 21:43:09 -04:00
Ben Radford 41412dc4ae
Skip build-remote-trustless unless sandbox is supported. 2023-07-11 12:52:59 +01:00
Ben Radford c1d39de1fb
Check _NIX_TEST_NO_SANDBOX when setting _canUseSandbox. 2023-07-11 12:08:33 +01:00
Ben Radford b8e8dfc3e8
Say a bit about default value in setting description. 2023-07-11 11:25:49 +01:00
Ben Radford a193ec4052
Default should depend on whether we are root. 2023-07-11 11:14:13 +01:00
Ben Radford 2b4c59dd99
Be clearer about the security implications. 2023-07-11 11:09:25 +01:00
Ben Radford 0caf28f238
Update description for require-drop-supplementary-groups. 2023-07-11 10:57:14 +01:00
Ben Radford 07dabcc90e
Always attempt setgroups but allow failure to be ignored. 2023-07-11 10:44:05 +01:00
Ben Radford 25b20b4ad2
Merge remote-tracking branch 'origin/master' into best-effort-supplementary-groups 2023-07-11 09:38:34 +01:00